[AusNOG] DNS in general - was Re: Botnet??
Terry Sweetser (SkyMesh CTO)
terry+AusNOG at skymesh.net.au
Mon Jul 30 08:59:19 EST 2012
I'll add my 2c worth here ...
Consider:
[1] a small set of caching resolvers that only your infrastructure can use,
[2] a large set of caching resolvers that reply only to your clients and
downstreams, from 1 or 2 anycast addresses,
[3] a set of 2 (or more) non-recursing resolvers that are publicly
available on 2 or more anycast addresses.
Overall, the most useful advice I can give anyone: deploy your DNS
server farms on anycast.
http://about.me/terry.sweetser
On 29/07/12 17:11, Dobbins, Roland wrote:
> On Jul 29, 2012, at 11:38 AM, ComKal Networks wrote:
>
>> I simply use 'views', internal view (recursive allowed) for internal IP's, external view for everything else (authorative only).
> Views are useful, but as it's all one box, there's no scale advantage for dealing with abnormal load conditions.
>
> -----------------------------------------------------------------------
> Roland Dobbins<rdobbins at arbor.net> //<http://www.arbornetworks.com>
>
> Luck is the residue of opportunity and design.
>
> -- John Milton
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
More information about the AusNOG
mailing list